Date:   Wed, 3 Nov 2021 14:03:22 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     Michael Straube <straube.linux@...il.com>
Cc:     gregkh@...uxfoundation.org, Larry.Finger@...inger.net,
        phil@...lpotter.co.uk, linux-staging@...ts.linux.dev,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] staging: r8188eu: fix a gcc warning

On Tue, Oct 19, 2021 at 12:12:31AM +0200, Michael Straube wrote:
> diff --git a/drivers/staging/r8188eu/os_dep/ioctl_linux.c b/drivers/staging/r8188eu/os_dep/ioctl_linux.c
> index 51f46696a593..4f0ae821d193 100644
> --- a/drivers/staging/r8188eu/os_dep/ioctl_linux.c
> +++ b/drivers/staging/r8188eu/os_dep/ioctl_linux.c
> @@ -1926,7 +1926,7 @@ static int rtw_wx_set_enc_ext(struct net_device *dev,
>  		return -1;
>  	}
>  
> -	strncpy((char *)param->u.crypt.alg, alg_name, IEEE_CRYPT_ALG_NAME_LEN);
> +	strlcpy((char *)param->u.crypt.alg, alg_name, IEEE_CRYPT_ALG_NAME_LEN);
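
Review bot: strlcpy() on the added line still runs strlen() over all of alg_name and its return value is discarded, so truncation goes unnoticed; strscpy() limits the source read to IEEE_CRYPT_ALG_NAME_LEN and returns an error on truncation that could be checked here. The removed strncpy() also zero-filled the rest of param->u.crypt.alg, which strlcpy() does not do; the visible lines do not show how param is allocated, so if it is not zeroed beforehand, strscpy_pad() would keep the old padding behaviour.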

Greg has already taken this, and it's not a big deal, but generally
avoid using strlcpy().  It should be strscpy().  The difference is that
strlcpy() does strlen(alg_name) so it can be a read overflow if the
alg_name is not NUL terminated.

In this case, we know that alg_name is valid so it's fine.

I think that strlcpy() could all be converted to strscpy() without
breaking anything?  So eventually someone will probably use sed or
coccinelle to do that.

Changing strncpy() to strscpy() is more complicated because maybe people
test afterwards to see if the last character is NUL and also because
some need to be converted to strscpy_pad().

regards,
dan carpenter
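
The read-length and padding differences described in the mail above, as an added example that is not part of the original message or of the kernel source: simplified userspace models of strlcpy(), strscpy() and strscpy_pad(). The `model_*` names, the `src_reads` counter, the 16-byte buffer and the sample strings are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
size_t src_reads;   /* bytes of src examined by the last model call */

/* Simplified model of strlcpy(): runs strlen() over src before copying. */
size_t model_strlcpy(char *dst, const char *src, size_t size)
{
	size_t len = strlen(src);   /* walks src to its NUL, however far */
	src_reads = len + 1;
	if (size) {
		size_t n = len < size ? len : size - 1;
		memcpy(dst, src, n);
		dst[n] = '\0';
	}
	return len;
}

/* Simplified model of strscpy(): examines at most size bytes of src. */
long model_strscpy(char *dst, const char *src, size_t size)
{
	src_reads = 0;
	for (size_t i = 0; i < size; i++) {
		src_reads++;
		if ((dst[i] = src[i]) == '\0')
			return (long)i;
	}
	if (size)
		dst[size - 1] = '\0';
	return -E2BIG;              /* truncated (or size was 0) */
}

/* Simplified model of strscpy_pad(): also zeroes the unused tail of dst. */
long model_strscpy_pad(char *dst, const char *src, size_t size)
{
	long n = model_strscpy(dst, src, size);
	if (n >= 0)
		memset(dst + n + 1, 0, size - (size_t)n - 1);
	return n;
}

int main(void)
{
	char dst[16];   /* assumed buffer size, constructed for the example */
	const char *src = "constructed-name-longer-than-16-bytes";
	model_strlcpy(dst, src, sizeof(dst));
	printf("strlcpy examined %zu source bytes\n", src_reads);
	printf("strscpy returned %ld\n", model_strscpy(dst, src, sizeof(dst)));
}
```

With a source that has no NUL inside its buffer, the strlcpy() model's strlen() is the step that would run off the end, while the strscpy() model stops at the destination size.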
